Troj/Zasil-A

Troj/Zasil-A creates and executes the file registry.exe in the Windows folder and then displays a pornographic JPG image.

The file registry.exe creates the following registry entry, which starts registry.exe when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Registry Services

Each time registry.exe is executed the Trojan will attempt to download a text file from the internet that contains links to scripts that access pages from lists of website addresses contained in the scripts. The Trojan may also access a spyware script that reports the IP address being used by the active Trojan.

Troj/Zasil-A leaves multiple copies of the dropped executable and the JPG
file in the Windows Temp folder.

The JPG graphic is of a naked middle-aged blonde woman sitting on a table and advertises a pornographic website.